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Abstract. A web service is modeled here as a finite state machine. A composition 
problem for web services is to decide if a given web service can be constructed from a given 
set of web services; where the construction is understood as a simulation of the specification 
by a fully asynchronous product of the given services. We show an EXPTIME-lower bound 
for this problem, thus matching the known upper bound. Our result also applies to richer 
models of web services, such as the Roman model. 



1. Introduction 

Inherently distributed applications such as web services [I] increasingly get into the 
focus of automated verification techniques. Often, some basic e-services are already imple- 
mented, but no such simple service can answer to a more complex query. For instance, a user 
interested in hiking Mt. Everest will ask a travel agency for information concerning weather 
forecast, group travels, guides etc. The travel agency will contact different e-services, ask- 
ing for such information and making appropriate reservations, if places are available. In 
general, single services such as weather forecast or group reservations, are already available 
and it is important to be able to reuse them without any change. The task of the travel 
agency is to compose basic e-services in such a way that the user's requirements are met 
(and eventually some constraints wrt. the called services, such as avoiding unreliable ones). 
Thus, one main objective is to be able to check automatically that the composition of basic 
e-services satisfies certain desirable properties or realizes another complex e-service. 

In this paper we study a problem that arises in the composition of e-services as con- 
sidered in [H HI S]. ^he setting is the following: we get as input a specification (goal) B, 
together with n available services Ai, ■ ■ ■ , A n . Then we ask whether the composition of the 
services Ai can simulate the behavior of the goal B. This problem is known as composition 
synthesis. It amounts to synthesize a so-called delegator, that tells at any moment which 
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service must perform an action. In essence, a delegator implements a simulation relation 
of the goal service B by the composition of the available services A%. In the most general 
setting, as considered for instance in [21 El E] , services are modeled by communicating state 
machines J5J, that have access to some local data. In this paper, we reconsider the simplified 
setting of the so-called Roman model [2] where services are finite state processes with no 
access to data and no mutual synchronization. This restriction is severe, however sufficient 
for our purposes, since our primary motivation is to obtain a complexity lower bound for 
the composition synthesis problem. 

In this paper we study the complexity of the composition synthesis problem in the very 
simple setting where the composition of the finite state machines A% is fully asynchronous 
(in particular there is no communication). This case is interesting for two reasons. It is 
known to be decidable in Exptime j2J 3 contrary to some richer frameworks where it is un- 
decidable [3j. It is also probably the simplest setting where the problem can be formulated, 
thus the complexity of this variant gives a lower bound on the complexity of any other 
variants of the synthesis problem. A related problem arises when instead of simulation one 
considers bisimulation. This is sometimes called orchestration "problem, where the issue is 
to find a communication architecture of the available services, that is equivalent to the goal, 
modulo bisimulation. In our setting, this problem amounts to checking if the asynchronous 
composition of finite state machines is bisimilar to a given machine. 

The main result of this paper is the Exptime lower bound for the composition synthesis 
problem. We also show that the same question can be solved in polynomial time if we 
assume that the sets of actions of the available machines are pairwise disjoint, i.e., each 
request can be handled by precisely one service. Note that in the latter case, the set of 
actions depends on the number of processes, whereas for the first result we show that the 
case where the set of actions is fixed is already ExPTiME-hard. We also show that the 
orchestration (bisimulation) problem is Nlogspace complete, independently of whether 
the sets of actions of the components are disjoint or no1^- This result, however, is less 
interesting the context of service composition. The bisimulation requirement means that 
that the client (goal automaton) should be prepared to admit all possible interleavings in 
the composition, which usually makes the specification too complex. 

Similar kinds of questions were also considered by the verification community. There 
is a large body of literature on the complexity of bisimulation and simulation problems 
for different kinds of process calculi (for a survey see [E])- A result that is most closely 
related to ours is the Exptime completeness of simulation and bisimulation between non- 
flat systems |10j . The main difference to our setting is that there both a system and services 
are given as composition of finite state machines using (binary) synchronization on actions, 
i.e., an action can synchronize two services. In a sense this paper shows that the lower 
bound for the simulation holds even without any synchronization. 

This paper is an extended version of the conference publication [11]. In particular, the 
characterization of the complexity of the bisimulation problem is new. 



This problem is easier than checking bisimulation between a BPP and a finite state automaton, which 
is P-complete. The reason is that the finite-state automaton is deterministic in our setting. 
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2. Notations 

We denote throughout this paper tuples of states (i.e., global states of a product au- 
tomaton) by bold characters q,s,t, Unless otherwise stated, the components of vector 

t 3X6 • • • j tfi . 

An asynchronous product of n deterministic automata 

•Ai = (Qi, T,i,q® ,5i : Qi x Sj — > Qi) 
is a nondeterministic automaton: 

A (8) ■ ■ ■ ® A = (Q, S, & <5 : Q x £ V(Q)) 
where: Q = Q\ x • • • x Q n ; S = Ui=i,...,n S «! 9 = (<??> • • • > 9°); an d <5 is defined by: 
t G <5(s, a) iff for some i, ij = <5j(sj, a) and for all j/iwe have = Sj. 
Observe that the product automaton can be non deterministic because the alphabets 
Sj are not necessarily disjoint. 

We define a simulation relation on nondeterministic automata in a standard way. 
Take two nondeterministic automata A = (Qa,^,Q%Sa ■ Qa x S — > V{Qa)) and = 
(Qb,^,Qb^b '■ Qb x S — ► V(Qb)} over the same alphabet. The simulation relation 
Qa x is the biggest relation such that if qa =^ g# then for every a G S and every 
G <5a(<?a, «) there is g B G 5s(qB, o) such that =<; We write „4 ^ ^ if q A =^ g B . 

Problem: Given n deterministic automata Ai , ■ ■ ■ , -4 n and a deterministic automaton £> 
decide if B .Ai <g> ■ ■ ■ (g) 

We will show that this problem is ExPTiME-complete. It is clearly in Exptime as one 
can construct the product Ai <8> • • • <8> A n explicitly and calculate the biggest simulation 
relation with B. The rest of this paper will contain the proof of ExPTiME-hardness. We 
will start with the PsPACE-hardness, as this will allow us to introduce the method and some 
notation. 

3. A Pspace lower bound 

We will show PsPACE-hardness of the problem by reducing it to the existence of a loop- 
ing computation of a linearly space bounded deterministic Turing machine. The presented 
proof of the Pspace bound has the advantage to generalize to the encoding of alternating 
machines that we will present in the following section. 

Fix a deterministic Turing machine M working in space bounded by the size of its 
input. We want to decide if on a given input the computation of the machine loops. Thus 
we do not need any accepting states in the machine and we can assume that there are 
no transitions from rejecting states. We denote by Q the states of M and by V the tape 
alphabet of M. A configuration of M is a word over r U {Q x V) with exactly one occurrence 
of a letter from Q x T. A configuration is of size n if it is a word of length n. Transitions of 
M will be denoted as qa — > q'bd, where q,q' are the old/new state, a, b the old/new tape 
symbol and d G {l,r} the left/right head move (w.l.o.g. we assume that M moves the head 
in each step). 

Suppose that the input is a word w of size n. We will construct automata Ai, ■ ■ ■ , A n 
and B such that B =4 A\ <8> • • • <8> An iff the computation of M on w is infinite. 
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We start with some auxiliary alphabets. For every i = 1, . . . , n let 

Ti = T x {i} and A, = (Q x r { ) U (Q x ]?* x {I, r}) . 

We will write a% instead of (a,£) for elements of Tj. Let also A = IJi=i 
The automaton Ai = (Qi, Ej, g?, — >} is defined as follows: 

• The set of states is Qi = T U (Q x T) U {T}, and the alphabet of the automaton is Ej = A. 

• We have transitions: 

— a get, for all a E T and g E Q, 

— qa Q —^ b, for ga — > g'M the transition of M on ga (there is at most one). 

— From a, transitions on letters in Aj \ {qa>i : q E Q} go to T. Similarly, from qa 
transitions on Aj \ {qbid} go to T if there is a transition of M on qa; if not, then qa 
has no outgoing transitions. From T there are self-loops on all letters from A. 

• For i = 2, . . . , n the initial state of Ai is Wi, the i-th letter of w; for Ai the initial state 
is q°w\, i.e., the initial state of M and the first letter of w. 

Figure Q] shows a part of Ai : 




Figure 1: Part of Ai 



The idea is classical: automaton Ai controls the i-th tape symbol, whereas automaton 
B defined below is in charge of the control part of M. The challenge is to do this without 
using any synchronization between adjacent automata Ai,Ai + \. Next, we introduce an 
automaton K that will be used to define B (see also Figure [2]) . The set of states of K is 
Qk = {s, e} U (Q x [J Tj x {l,r}); the initial state is s and the final one e; the alphabet is 
A; the transitions are defined by: 

• s — ^ q'bir for i = 1, . . . , n — 1, whenever we have a transition qa — > g'&r in M for some 
state g and some letter a; 

• s q _!±i q'bi + il for £ = 1, . . . , n — 1, whenever we have a transition qa — ► gM in M for some 
state g and some letter a; 

• g'&jr ^-^i. 1 e a nd q'bi + \l + e for all c E T. 

Figure [2] presents a schema of the automaton K. We define B as the deterministic automaton 
recognizing (L(K))* , that is obtained by gluing together the states s and e. 

Remark 1. All Ai and B are deterministic automata of size polynomial in n. The input 
alphabets of the Ai are almost pairwise disjoint: the only states with common labels on 
outgoing transitions are the T states. 
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Figure 2: Automaton K 



Definition 3.1. We say that a configuration C of size n of M corresponds to a global state 
s of Ai <8> • • • <8> A n iff Si = C(i) for i = 1, . . . , n; in other words, if the state of Ai is the 
same as the i-th letter of C. 

Definition 3.2. We say that a global state s of .Ai ® • • • <8> A n is proper when there is no 
T-state in s. 

Lemma 3.3. If s is a proper state, then for every letter a £ A the automaton A\ (8 • • • ® An 
has in state s at most one outgoing a-transition. Once the automaton enters a state that is 
not proper, it stays in non proper states. 

It is easy to see that from a non proper state, A\ ■ ■ ■ ® A n can simulate any state of 
B. The reason is that from T, any move on letters from A is possible. 

Lemma 3.4. Suppose that Ai <£> • • • <S> A n is in a state s that corresponds to a configuration 
C of M. 

• If C is a configuration with no successor, then there is a word v € L(K) that cannot be 
simulated by Ai <8> • • • <8> A n from s. 

• Otherwise, the successor configuration C h C exists, and there is a unique word v £ L(K) 
such that s — —> t and t is proper. Moreover t corresponds to C' . All other words from 
L(K) lead from s to non proper states of Ai <8> • • • <8> A n - 

Proof. For the first claim, assume that s corresponds to a configuration, thus there is exactly 
one i such that Ai is in a state from Q x T. The other automata are in states from T. 

If C is terminal then Ai is in a state qa which has no outgoing transition. This means 
that this state can simulate no move on letters q'hr, for q' € Q and bi € Tj (and such a 
move exists in K, as the machine M must have a move to the right if it is nontrivial). All 
other automata are also not capable to simulate q'bir as they can do only moves on letters 
Aj for j i. 

Now suppose that C h C. To avoid special, but simple, cases suppose that the position 
i of the state is neither the first nor the last. Let Sj = qa and suppose also that qa — > q'br 
is the move of M on qa. The case when the move is to the left is similar. 

The only possible move of K from s which will put Ai <8> ■ ■ ■ <8> A n into a proper state is 
q'^r. This makes Ai to change the state to b and it makes K to change the state to q'bir. 
From this latter state the only possible move of K is on letters q'c' i+1 for arbitrary d G Y. 
Suppose that Ai+i is in the state c = Sj+i G T, then all moves of K on q'c' i+1 with d ^ c 
can be matched with a move to T of Ai+i- On q'oi + \ the automaton Ai+i goes to q'c and 
automaton if goes to e. This way the state in the configuration is changed and transmitted 
to the right. We have that the new state of Ai <8> ■ ■ ■ <8> A n corresponds to the configuration 

c. 
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□ 

Lemma 3.5. We have B =4 A\ ® • • • (8> A n iff the computation of M on w is infinite. 

Proof. Recall that B is a deterministic automaton recognizing (L(K))* , and has initial state 
s. The initial state of Ai ® • • • <8> A n corresponds to the initial configuration Co of M on 
w. We show now for every state t corresponding to a configuration C of M: s =4 t iff the 
computation of M starting in C is infinite. 

From a configuration C, the machine M has only one computation: either infinite, or a 
finite one that is blocking. Suppose that the computation from C has at least one step and 
let C\ be the successor configuration. By Lemma [3.41 from state s there is exactly one word 
V\ € L(K) such that t — 1 -> t\ in Ai <8> • • • ® A n , and t\ is proper. Moreover t\ corresponds 
to C\. On all other words from L(K), the product A\ ® ■ ■ ■ <8> A n reaches non proper 
states and from there it can simulate any future behaviour of B. If C\ has no successor 
configuration then, again by Lemma 13.41 there is a word in L(K) that cannot be simulated 
by Ai <8> • • • <8> A n from t±. If C\ has a successor then we repeat the whole argument. Thus 
the behaviour of B from s can be simulated by Ax ® • • • <8> A n from the state corresponding 
to C iff the machine M has an infinite computation starting from C. 

□ 

One can note that the construction presented in this section uses actions that are 
common to several processes in a quite limited way: the only states that have common 
outgoing labels are the T states from which all behaviours are possible. This observation 
motivates the question about the complexity of the problem when the automata A\ , ■ ■ ■ , A n 
have pairwise disjoint alphabets. With this restriction, the simulation problem can be solved 
efficiently: 

Theorem 3.6. The following question can be solved in polynomial time: 

Input: n deterministic automata Ai, ■ ■ ■ ,A n over pairwise disjoint input alphabets, and 

a deterministic automaton B. 

Output: decide if B =<! A\ <8> • • • <8> A n . 

Proof. Let C{ be a automaton with a single state T, and with self- loops on every letter from 
the alphabet Ej of A%. We write A^ % > for the asynchronous product of all Cj, j ^ i, and 
of Ai. Similarly, fW will denote t with all components but i replaced by T. Suppose now 
that p is a state of B, and t a state of A\ (g> • ■ • §5 A n . We write p t if p is simulated by 
ffl in A® ■ Notice that since B and Ai are both deterministic, we can decide if p t in 
logarithmic space (hence in polynomial time), by guessing simultaneously a path in B and 
one in Ai- 

We show now that p =<! t in A\ ® • • • (8> An iff p t for all i. 

If p =4 t, then all the more p =4 ffl, since Cj can simulate «4j for all j = 1, . . . ,n. 
Conversely, assume that p =4i t for all i, but p ^ t. This means that there exist computations 
p a — > k p' in B, t a — l k u in A\ ® • • • ® A n and a letter a € Sj for some i, such that p' 
has an outgoing a-transition, but Hi does not (in Ai). Clearly, we also have a computation 

Since has no outgoing a-transition, so neither does iffl, which 
contradicts p =4it. □ 
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4. The complexity of simulation 

This time we take an alternating Turing machine M working in space bounded by the 
size of the input. We want to decide if M has an infinite computation. This means that 
the machine can make choices of existential transitions in such a way that no matter what 
are the choices of universal transitions the machine can always continue. Clearly, one can 
reduce the word problem to this problem, hence it is ExPTiME-hard (see [6]; for more details 
on complexity see any standard textbook). 

We will assume that M has always a choice between two transitions, i.e., for each non 
blocking state/symbol pair qa there will be precisely two distinct tuples q'b'd', q"b"d" such 
that qa — > q'b'd! and qa — > q"b"d". If q is existential then it is up to the machine to choose 
a move; if q is universal then the choice is made from outside. To simplify the presentation 
we will assume that d' = d" , i.e., both moves go in the same direction. Every machine 
can be transformed to an equivalent one with this property. We will also assume that the 
transitions are ordered in some way, so we will be able to say that qa — * q'b'd is the first 
transition and qa — > q"b"d is the second one. 

Take the input word is w of size n. We will construct automata A'i,A'{, ■ ■ ■ ,A' n ,A'^ 
and B such that B is simulated by A\ ® A'{ ■ ■ ■ ® A' n <S> A'^ iff there is an infinite alternating 
computation of M on w. The main idea is that automata A\ and A'- control the i-th tape 
symbol, as in the previous section, and each one is in charge of one of the two possible 
transitions (if any) when the input head is at position i in an existential state (universal 
moves are simpler). 

We will modify a little the alphabets that we use. Let 

A- =(Q x r,)U(Q xT.x {l,r} x {1}) 

A?=(Q x T t )u(Q x x {l,r} x {2}) 

We then put A; = A • U A? , A = \J t A,, A' = U, A^ and A" = (J* 
The automaton A\ is defined as follows: 

• The set of states is Q\ = {T}uru (Q x F)U(Q x T x {I, r}), the alphabet of the automaton 
is = A U {(}; where £ is a new letter common to all automata. 

• We have the following transitions: 

— a -^A qa for all a £ T and q G Q, 

q'Edl q"b'{dl 

— qa — > b and qa — ► b if g is an universal state and qa — > qb d, qa — > q b d are 
the two transitions from qa. We have also transitions to T on all the letters from 
& i \{q J b' i dl,q"b'ldl}. 

£ q'b'dl q"b"dl 

— qa — ► q'b'd b' and qa — ^ b" if q is an existential state and qa — > q'b'd, 
qa — > q"b"d are the first and the second transitions from qa, respectively. We have 
also transitions to T on all the letters from A£ \ {q"b'-dl}. From q'b'd all transitions 
on A^ \ {q%dl} go to T. 

— From a, transitions on letters in A^ \ {qai : q € Q} go to T. If qa is terminal then 
there are no outgoing transitions from qa. From T there are self-loops on all letters 
from A c := A U {(}. 

• The initial state of A\ is u>i, the i-th letter of w except for A\ whose initial state is q w±, 
the initial state of M and the first letter of w. 

Figure [3] below presents parts of A\ corresponding to universal and existential states. 
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The automaton A'- is the same as A\ with the difference that we replace every label 
q"b"dl by q'b'd2, every q'b'dl by q"b"d2 (notice the change of primes and double primes), 
every by A" and A' by A". Moreover, state labels b' and b" are exchanged, and state 
q'b'd is relabeled q"b"d. 

Next, we define a new automaton K that will be used to define new automaton B. The 
states of K are 

Qk = {s, e, choice} U (Q x Tj x {I, r}) 

i 

plus some auxiliary states to implement transitions on two letters at a time. We will write 
transitions with two letters on them for readability. The initial state is s and the final one 
is e. The alphabet is Y*k = The transitions are defined by (cf. Figure H]): 

• s — ^ choice; 

• s ^ q — > 1 q'bir whenever we have a transition qa — > q'br in M for some universal 
state q and some letter a, and similarly from choice instead of s when q is existential; 

• s q 1+1 — % 1+1 ^ q'bi+\l whenever we have a transition qa — > in M for some universal 
state q and some letter a, and similarly from choice instead of s when q is existential; 

• q'bir ^ q e and q'bi+\l ^ q —^l e for all cgT. 

We define ^ as the deterministic automaton recognizing (L(K))* that is obtained by gluing 
together states s and e. 

Remark 2. All A^, A'( and B are deterministic and of size polynomial in n. 

Definition 4.1. A configuration C of size n corresponds to a global state s of ^ ®A^ ■ ■ - ® 
A' n ® -4" if S2i = S2i-i = C(i) for i = 1, . . . , n; in other words, if the states of A\ and A" 
are the same as the i-th letter of C. 
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Figure 4: Automaton K 



Definition 4.2. We say that a global state s of A[ ® A'{ ■ ■ ■ <2> A' n <8> .4^ is proper when T 
does not appear in s. 

It is easy to see that from a non proper state, A\ <8> *4i • • • <8> -44 <8> A n can simulate any 
state of B. The reason is that from T, any move on letters from A c is possible. 

Lemma 4.3. Suppose that A[ <S> A'{ •••<%> A' n <8) A'n is in a state s corresponding to a con- 
figuration C of M. If C has no successor configuration then there is a word v G L(K) that 
cannot be simulated by A[ <S> A'[ ■ ■ ■ <S> A' n <S> A'n from s. Otherwise, C has two successor 
configurations C h C and C h C" . We have two cases: 

• If C is universal then there are two words v' and v" in L{K): each leading from s to a 
unique state v and v' , respectively. These two states are proper and correspond to C and 
C" , respectively. On all other words from L(K), non proper states can be reached from s. 

• If C is existential, then on the letter £ exactly two states are reachable from s, call them 
s' and s" . There is a word v' such that Qv' G L{K) and on v' from s' a unique state is 
reachable. This state is proper and corresponds to C . Similarly there is a word v" for s" 
and C" . On all words from L(K) that are different from Qv' and (v" , non proper states 
can be reached from s. 

Proof. As s corresponds to the configuration C, there is some i such that both automata 
A\ and A'I are in state qa, for some q £ Q and a £ T, and all other automata are in states 
from T. 

If C is a configuration without successor, then the state qa in A\ and A" does not have 
any outgoing transition. Thus these automata cannot simulate the C, transition of K from 
s. No other automaton A'j, or A" can simulate the ( transition either, as they are all in 
states from T. 

Suppose that C is an universal configuration with two possible transitions to the right, 
qa — > q'b'r and qa — > q"b"r. The case when the moves are to the left is similar. In A\ 
from the state qa we have a transition on q'b[rl leading to b' and on q"b'-rl leading to b". 
Similarly for A", but on q'b'^2 and q"b"r2. These transitions can simulate both transitions 
(q'b' i rl)(q'b' i r2) and (q"b'-rl)(q"b'-r2) that are possible from s in K. (All other transitions 
from s in K lead from s to a non proper state of A[ <S> A" • • • <8> A' n (8> A' n .) Let us focus only 



10 



A. MUSCHOLL AND I. WALUKIEWICZ 



on the first case, when ((/2^rT)(</^r2) is executed in K and the state q'b^r is reached. From 
this state only transitions (q'c' i+1 ) 2 are possible, for all d £ T. Suppose that A' i+l and A'( +1 
are in state c £ T. Transition (g'cj + i) 2 of K is simulated by moves to q'c in both A' i+1 and 
A'l +l . This way the new state is transferred to the right. Transitions (q'c' i+l ) 2 where c ^ c' 
are simulated in A[ (S> A'{ ■ ■ ■ <g> .4^ <8> -4." by moves of A' i+l and »4", j to T. 

Suppose that C is an existential configuration, with possible transitions qa — > and 
qa — > q"b"r. The case when moves are to the left is similar. Consider first the transition 
of K from s that corresponds to the letter £. Both A[ and A" can simulate this transition: 
the first goes to state q'b'r, and the second goes to q"b"r. Assume that it is the transition 
of A[ that is taken; the other case is symmetric. We get to the position when K is in the 
state choice, A\ is in the state q'b'r and A'( in the state qa. From choice, automaton K 
can do (g'6-rl)(g'6-r2) that can be simulated by the transitions of A[ and A" (every other 
transition of K can be simulated by a move of A[ <g) A'{ ■ ■ • ® A' n <g) A'^ to a non proper state) . 
Both automata reach the state b'. Automaton K is now in state q'bir from where it can do 
(g'cj+i) 2 for any c E V. The result of simulating these transitions while reaching a proper 
state is the transfer of the state to the right, in the same way as in the case of the universal 
move. Finally, it remains to see what happens if K makes a move from s that is different 
from In this case, at least one of the automata A[, A'- can simulate the corresponding 
transition on (pe^dl), {peid2) respectively, by going to state T, since we suppose that in any 
configuration of M, the two outgoing transitions are distinct. Hence, a non proper state 
can be reached. □ 

Theorem 4.4. The following problem is ExPTlME-complete: 

Input: deterministic automata A\, . . . ,A n and a deterministic automaton B. 
Output: decide if B =^ A\® ■ ■ ■ <8> A n . 

Proof. The problem is clearly in Exptime as the state space of A[ (8) A" • • • <S> A' n <g> A!^ can 
be constructed in Exptime. For Exptime hardness, we take an alternating machine M 
as at the beginning of this section and use the construction presented above together with 
Lemma f4.31 Recall, that B is a deterministic automaton obtained from the automaton K by 
gluing states s and e (cf. FigureH]). We also have that the initial state of A'^A" ■ ■ -®A' n ®A'^ 
corresponds to the initial configuration of M (in a way required by Definition 14. ip . We will 
show that for every state t corresponding to a configuration C of M: s ^ t iff M has an 
infinite alternating computation from C. 

Consider a game of two players: Computer and Environment. Positions of the game are 
configurations of M. In existential configurations Computer chooses a successor configura- 
tion (with respect to the transition table of M). In universal configurations Environment 
makes a choice. Having an infinite alternating computation from C is equivalent to saying 
that in this game Computer has a strategy to avoid being blocked. At the same time, not 
having such a computation from C is equivalent to saying Environment has a strategy to 
reach a configuration with no successors. As this is a reachability game, for each such C 
there is a bound dc (distance) on the number of steps in which Environment can force 
Computer into a blocking configuration. This distance is if C is blocking; it is one plus 
the maximum over distances for two successor configurations if C is existential, and it is 
one plus the minimum over the distances of successor configurations if C is universal. (Here 
we assume that the distance is oo if Environment cannot win from C). 

Going back to the proof of the theorem, consider first the case when M does not have 
an infinite alternating computation from C. Let t be the state of A[ <S> A'{ ■ ■ ■ <8> A' n ® A'^ 
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corresponding to C. We show that s ^ t by induction on the distance dc- There are three 
possible cases: 

• If d c = then is no transition possible from C . In this case Lemma 14.31 gives us an 
execution of B from s that cannot be simulated by A[ <8> A'{ ••■(B) -A^ <8> .A" from t. 

• If C is universal, there is a successor C\ such that dc* > dc\- We take the word v G 
given by Lemma [4.31 The only way to simulate this word from t leads to the proper state 
t\ corresponding to C\. By induction hypothesis s ^ t\. 

• If C is existential, then for both successor configurations, C and C" , the distance is 
smaller. We make B execute £ and then, depending how it was matched by A'i ®A'{ •••(B) 

® A-n j a w ord forcing the automaton to go to a proper state corresponding either to 
C or to C" . Using the induction hypothesis we get that the simulation is not possible 
from s and the obtained states. 
The case when M has an infinite alternating computation from C is very similar. In 
this case dc = oo. The means that if C is an existential computation then one of the 
successor configurations has distance equal to oo. By Lemma 14.31 we can match £ so that 
we go to the state corresponding to that configuration. If C is universal then both successor 
configurations have distance equal to oo. Once again Lemma 14.31 tells us how to match 
every word from L(K). □ 

We conclude the section by showing that Theorem 14.41 still holds under the assumption 
that the alphabet of the automata Ai and B is of constant size. 

Theorem 4.5. Let E be a fixed alphabet of at least 2 letters. The following problem is 
EXPTIME- complete: 

Input: deterministic automata Ai, . . . , A n and a deterministic automaton B over the 
input alphabet E. 

Output: decide if B =4 A\ <B> • • • <S> A n . 

Proof. We reduce directly from Theorem I4.4L Suppose that the input alphabet of all au- 
tomata Ai, B is E X {1, . . . , m}, for some m. Moreover, let S be the set of states of B and 
let Q = Qi x • • • x Q n be the set of global states of Ai ® • • • <B) A n . 

In each automaton Ai, B we replace every transition s — > t by a sequence of transitions 
with labels from SU{#,$} as follows: 

s (stlO) ^ (stZl) (stZ2) ^ (stZQ -?-» i 

The (Z + 1) states (stlO), . . . , (stll) are new. Let A\, B' be the automata obtained from Ai, 
B, with state space Q' and S', respectively. 

Take =4, the largest simulation relation from B to A\ <8> ■ ■ ■ (B>.4n- We show how to extend 
=<! to =<;' such that is a simulation relation from B' to A'i <B> • • • <B> ^4^ (not necessarily the 
largest one). Let =<;' be the union of =<; with the set of all pairs ((stlk),u'), where s,t G S, 
v! = (u[, . . . , u' n ) G Q', and such that: 

• s t and v u; for some a 6 E, u = (v\, . . . , v n ) and w = (u>i, . . . , w n ) such that 
s ^ v, t ^ w, 

• there is some i with u\ = (viWilk), and u'j = Vj = Wj for j ^ i. 

It is immediate to check that is a simulation relation. First, (old) states from S can only 
be simulated by (old) states from Q. Second, a new state (stlj) of B can be simulated only 
by states u' £ Q' \ Q. It can be shown easily that the largest simulation relation from B' to 
A[ <B> • • • ® -4^ coincides with (hence with on the set S x Q of pairs of old states. 
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5. The complexity of bisimulation 

Till now we wanted to decide if an asynchronous product of deterministic automata 
A\ ® • • • (g> An can simulate a deterministic automaton B. An evident question is to consider 
what happens if we consider bisimulation instead of simulation. To be bisimilar to an 
asynchronous product, B must satisfy some structural constraints. In this section we prove 
the following theorem, which shows that indeed, the bisimulation problem is easier. 

Theorem 5.1. The following question can be solved in logarithmic space: 

Input: n deterministic automata Ai, ■ . . ,A n and a deterministic automaton B. 
Output: decide if B and Ai <8> • • • <S> A n are bisimilar. 

The proof of the theorem will occupy the rest of the section. We fix B and Ai, ■ ■ ■ , A n . 
Without loss of generality we assume that B is minimal with respect to bisimulation: no 
two different states of B are bisimilar (if B is not minimal we can minimize it on-the-fly in 
logarithmic space). This assumption also has a very pleasant consequence. If two states Si 
and S2 of B are bisimilar to the same global state of A, then s\ = S2- 

As we aim to obtain a logarithmic space algorithm we cannot even allow ourselves to 
explore the state space of A\ ® ■ ■ ■ <g> An at random, as we cannot store the tuples of states. 
This is why the following definition is crucial for the construction. 

Definition 5.2. A sequence of transitions of Ai<8> ■ ■ ■ ®A n is banal if it can be decomposed 
into a, possibly empty, sequence of transitions of Ai, followed by one of A2, and so on, up 
to A n . 

Observe that thanks to the lack of synchronization every state of Ai <8> • • • <8> A n is 
reachable by a run that is a banal sequence. Another pleasant property is that banal 
sequences can be explored in logarithmic space: we need only to remember the current 
state of the unique process that is active. We call configuration a pair (s, i) consisting of a 
state s of B and a global state t of A. For convenience, we say that a configuration (s, i) 
is reachable by some sequence p of transitions of A if p leads to t from the initial state 
of A, and if s is reached in B from the initial state by the sequence of actions associated 
with p (this is well-defined since B is deterministic). Note also that we can explore any 
configuration (s,t) that is reachable by some banal sequence in logarithmic space. Let us 
call such pairs banally-reachable configurations. 

The first necessary condition for B being bisimilar to Ai <8> • • • <8> A n is that for every 
banally-reachable configuration (s,i) the same actions are possible from s and t. This can 
be checked in logarithmic space as it is easy to verify its negation within this bound. 

The second necessary condition is that every reachable configuration is banally-reachable. 
Indeed, if (s,t) is reachable by a sequence that is not banal then the banal sequence p ob- 
tained by ordering the transitions process-wise also reaches t. If a bisimulation exists then 
we are guaranteed that p reaches s in B. This is because the state reached by p must be 
bisimilar to s, and B is minimal with respect to bisimulation. 

To show that one can check in logarithmic space that every reachable configuration is 
banally-reachable, we consider the negation of this property. We can then use the fact that 
Logspace is closed under complement. We want to find a reachable configuration that is 
not banally-reachable. If one exists then we can look at one that is reachable in a shortest 
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number of steps. This means that there must exist a banally-reachable configuration (si,ii), 
an action b and a process i such that (52,^2) is not banally-reachable, where 5g(si,b) = S2 
and t<i is obtained from t\ by taking transition b of process i. This can be checked as follows. 
One produces on-the-fly a banal sequence, when the part of process i is finished an extra 
transition with letter b is taken. This way we have two states, one before taking b and one 
after. We then continue constructing banal sequences from the two states with transitions 
of processes % + 1 up to n. This way we have obtained two sequences which differ by the 
action b of process i, and we check that the two states reached by B are different. 

Together, the two conditions above are also sufficient for A\ <8> • • • <8> A n and B being 
bisimilar, hence the result. 

6. Conclusion 

We have shown an Exptime lower bound for the composition of services that are 
described as a fully asynchronous product of finite state machines. Thus, we answer the 
question left open in [2]. Since our lower bound holds for the simplest parallel composition 
operation one can think of (no synchronization at all), it also applies to richer models, 
such as products with synchronization on actions as in [TO] or communicating finite-state 
machines (CFSM) as in [9J, [8] . It is easy to see that the simulation of a finite-state machine 
by a CFSM A with bounded message queues is in Exptime, since the state space of A 
is exponential in this case. Hence, this problem, as well as any of its variants with some 
restricted form of communication, is ExPTiME-complete as well. 

An interesting open question is what happens if we allow in the asynchronous product 
arbitrary many copies of each finite state machine. That is, we suppose that an available 
service can be used by an arbitrary number of peers. This question reduces to a bounded 
variant of the simulation of a finite state machine by a BPP, and its decidability status is 
open. 

Acknowledgement: We thank the anonymous referees for interesting comments and 
suggestions for improvement. 
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